CVE-2016-9675 – openjpeg: incorrect fix for CVE-2013-6045
https://notcve.org/view.php?id=CVE-2016-9675
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. openjpeg: Se ha descubierto un fallo de desbordamiento de búfer basado en memoria dinámica en el parche para CVE-2013-6045. Una imagen j2k manipulada puede provocar la caída de la aplicación, o potencialmente ejecutar código arbitrario. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or possible code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.openwall.com/lists/oss-security/2016/11/29/7 http://www.securityfocus.com/bid/94589 https://access.redhat.com/security/cve/CVE-2016-9675 https://bugzilla.redhat.com/show_bug.cgi?id=1382202 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2016-3182
https://notcve.org/view.php?id=CVE-2016-3182
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. La función color_esycc_to_rgb en el archivo bin/common/color.c en OpenJPEG versiones anteriores a 2.1.1, permite a atacantes causar una denegación de servicio (corrupción de memoria) por medio de un archivo jpeg 2000 diseñado. • http://www.openwall.com/lists/oss-security/2016/03/16/16 http://www.openwall.com/lists/oss-security/2016/09/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=1317826 https://github.com/uclouvain/openjpeg/issues/725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-3183
https://notcve.org/view.php?id=CVE-2016-3183
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. La función sycc422_t_rgb en common/color.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo jpeg2000 manipulado. • http://www.openwall.com/lists/oss-security/2016/03/16/17 https://bugzilla.redhat.com/show_bug.cgi?id=1317821 https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767 https://github.com/uclouvain/openjpeg/issues/726 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH https://lists.fedoraproject.org/archives • CWE-125: Out-of-bounds Read •
CVE-2016-9117
https://notcve.org/view.php?id=CVE-2016-9117
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. Acceso a puntero NULL en la función imagetopnm de convert.c(jp2):1289 en OpenJPEG 2.1.2. El impacto es de denegación de servicio. • http://www.securityfocus.com/bid/93783 https://github.com/uclouvain/openjpeg/issues/860 https://security.gentoo.org/glsa/201710-26 • CWE-476: NULL Pointer Dereference •
CVE-2016-9113
https://notcve.org/view.php?id=CVE-2016-9113
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. Hay una referencia a puntero NULL en la función imagetobmp de convertbmp.c:980 de OpenJPEG 2.1.2. image->comps[0].data no se asigna un valor después de la inicialización (NULL). El impacto es de denegación de servicio. • http://www.securityfocus.com/bid/93980 https://github.com/uclouvain/openjpeg/issues/856 https://security.gentoo.org/glsa/201710-26 • CWE-476: NULL Pointer Dereference •